11 matches found
Server-side Request Forgery (SSRF)
Overview: nu.validator:validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper implementation of localhost bypass protection. An attacker can cause the server to initiate arbitrary HTTP ...
net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-domain-android (>=0.6.0 <=0.8.0) +2 more potentially affected by CVE-2025-66372 via org.mustangproject:library (>=2.0.0 <=2.16.2)
org.mustangproject:library MAVEN version =2.0.0, =0.5.0, =0.6.0, =0.6.0, =2.0.0, =2.16.2 Source cves: CVE-2025-66372 Source advisory: OSV:GHSA-X832-FPVJ-R5PH...
CVE-2025-12758
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to URL validation bypass [CVE-2025-56200]
Summary: node.js module validator is used by IBM App Connect Enterprise Certified Container for data validation. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to URL validation bypass. This bulletin provides patch...
Incomplete Filtering of One or More Instances of Special Elements
Overview: org.webjars.npm:validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F...
CVE-2025-56200
A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...
Improper Validation of Specified Type of Input
Overview: validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the isURL function, which does not take into account ':' as the delimiter in browsers. An attacker can bypass protocol and domai...
Improper Validation of Specified Type of Input
Overview: org.webjars.npm:validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the isURL function, which does not take into account ':' as the delimiter in browsers. An attacker can bypass...
Regular Expression Denial of Service (ReDoS)
Overview: validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the isEmail function. PoC js var validator = require"validator" function buildattackn var ret = "" for var i = 0; i n; i++ ret +=...
Regular Expression Denial of Service (ReDoS)
Overview: validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the isHSL function. PoC js var validator = require"validator" function buildattackn var ret = "hsla0" for var i = 0; i n; i++ ret...
Regular Expression Denial of Service (ReDoS)
Overview: validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the isSlug function. PoC js var validator = require"validator" function buildattackn var ret = "111" for var i = 0; i n; i++ ret ...